[crud-context] userApps and adminApps usages updated and added some other needed places too.

Author: frknbasaran

api/parts/data/stats.js

@@ -6,7 +6,8 @@
 /** @lends module:api/parts/data/stats */
 var stats = {},
     async = require('async'),
-    common = require("../../utils/common.js");
+    common = require("../../utils/common.js"),
+    { getUserApps } = require('../../utils/rights.js');
 
 var countlyDb;
 /**
@@ -65,7 +66,7 @@ stats.getUser = function(db, user, callback) {
     var apps;
 
     if (!user.global_admin) {
-        apps = user.user_of || [];
+        apps = getUserApps(user) || [];
     }
 
     getTotalEvents(function(totalEvents) {

api/parts/mgmt/apps.js

@@ -60,8 +60,8 @@ appsApi.getCurrentUserApps = function(params) {
         return true;
     }
 
-    var adminOfAppIds = getAdminApps(),
-        userOfAppIds = getUserApps();
+    var adminOfAppIds = getAdminApps(params.member),
+        userOfAppIds = getUserApps(params.member);
 
     common.db.collection('apps').find({ _id: { '$in': adminOfAppIds } }).toArray(function(err, admin_of) {
         common.db.collection('apps').find({ _id: { '$in': userOfAppIds } }).toArray(function(err2, user_of) {

api/parts/mgmt/users.js

@@ -104,6 +104,9 @@ usersApi.getAllUsers = function(params) {
             var membersObj = {};
 
             for (let i = 0; i < members.length; i++) {
+                const userApps = getUserApps(members[i]);
+                const adminApps = getAdminApps(members[i]);
+
                 const result = failedLogins.find(x => (x._id === JSON.stringify(["login", members[i].username]))) || { fails: 0 };
 
                 if (result.fails > 0 && result.fails % bruteforceFails === 0 && Math.floor(new Date().getTime() / 1000) < (((result.fails / bruteforceFails) * bruteforceWait) + result.lastFail)) {
@@ -113,15 +116,13 @@ usersApi.getAllUsers = function(params) {
                     members[i].blocked = false;
                 }
 
-                if (members[i].admin_of && members[i].admin_of.length > 0 && members[i].admin_of[0] === "") {
-                    members[i].admin_of.splice(0, 1);
+                if (adminApps[0] === "") {
+                    adminApps.splice(0, 1);
                 }
-                if (members[i].user_of && members[i].user_of.length > 0 && members[i].user_of[0] === "") {
-                    members[i].user_of.splice(0, 1);
+                if (userApps[0] === "") {
+                    userApps[0].splice(0, 1);
                 }
 
-                members[i].admin_of = ((members[i].admin_of && members[i].admin_of.length > 0) ? members[i].admin_of : []);
-                members[i].user_of = ((members[i].user_of && members[i].user_of.length > 0) ? members[i].user_of : []);
                 members[i].global_admin = (members[i].global_admin === true);
                 members[i].locked = (members[i].locked === true);
                 members[i].created_at = members[i].created_at || 0;
@@ -828,8 +829,8 @@ usersApi.deleteUserNotes = async function(params) {
 usersApi.fetchUserAppIds = async function(params) {
     const query = {};
     const appIds = [];
-    const adminApps = getAdminApps();
-    const userApps = getUserApps();
+    const adminApps = getAdminApps(params.member);
+    const userApps = getUserApps(params.member);
     if (!params.member.global_admin) {
         if (adminApps.length > 0) {
             for (let i = 0; i < adminApps.length ;i++) {

api/utils/rights.js

@@ -90,8 +90,9 @@ exports.validateUserForRead = function(params, callback, callbackParam) {
                     reject('No app_id provided');
                     return false;
                 }
+                const userApps = module.exports.getUserApps(member);
 
-                if (!((member.user_of && Array.isArray(member.user_of) && member.user_of.indexOf(params.qstring.app_id) !== -1) || member.global_admin)) {
+                if (!((userApps.indexOf(params.qstring.app_id) !== -1) || member.global_admin)) {
                     common.returnMessage(params, 401, 'User does not have view right for this application');
                     reject('User does not have view right for this application');
                     return false;
@@ -499,7 +500,7 @@ exports.dbUserHasAccessToCollection = function(params, collection, callback) {
     if (params.qstring.app_id) {
         //if app_id was provided, we need to check if user has access for this app_id
         // is user_of array contain current app_id?
-        var isUserOf = params.member.user_of && Array.isArray(params.member.user_of) && params.member.user_of.indexOf(params.qstring.app_id) !== -1;
+        var isUserOf = userApps.indexOf(params.qstring.app_id) !== -1;
         var isRestricted = params.member.app_restrict && params.member.app_restrict[params.qstring.app_id] && params.member.app_restrict[params.qstring.app_id].indexOf("#/manage/db");
         if (params.member.global_admin || isUserOf && !isRestricted) {
             apps = [params.qstring.app_id];

bin/upgrade/19.08/scripts/push.js

@@ -448,7 +448,7 @@ async function notifyGCM(db, apps) {
         console.log('[push] Checking member %s for GCM notifications', member.full_name);
 
         let aps = [];
-        let adminApps = getAdminApps();
+        let adminApps = getAdminApps(member);
 
         if (member.global_admin) {
             aps = apps;

frontend/express/libs/members.js

@@ -12,7 +12,7 @@
 var authorize = require('./../../../api/utils/authorizer.js'); //for token validations
 var common = require('./../../../api/utils/common.js');
 var plugins = require('./../../../plugins/pluginManager.js');
-
+var { getUserApps } = require('./../../../api/utils/rights.js');
 var configs = require('./../config', 'dont-enclose');
 var countlyMail = require('./../../../api/parts/mgmt/mail.js');
 var countlyStats = require('./../../../api/parts/data/stats.js');
@@ -355,8 +355,9 @@ membersUtility.login = function(req, res, callback) {
 
             if ((!countlyConfig.web.track || countlyConfig.web.track === "GA" && member.global_admin || countlyConfig.web.track === "noneGA" && !member.global_admin) && !plugins.getConfig("api").offline_mode) {
                 countlyStats.getUser(membersUtility.db, member, function(statsObj) {
+                    const userApps = getUserApps(member);
                     var custom = {
-                        apps: (member.user_of) ? member.user_of.length : 0,
+                        apps: (userApps) ? userApps.length : 0,
                         platforms: {"$addToSet": statsObj["total-platforms"]},
                         events: statsObj["total-events"],
                         pushes: statsObj["total-msg-sent"],

plugins/assistant/api/assistant.js

@@ -5,6 +5,7 @@ const PromiseB = require("bluebird");
 const async = require("async");
 const _ = require('underscore');
 const moment = require('moment-timezone');
+const { getUserApps } = require('../../../api/utils/rights.js');
 
 (function(assistant) {
     const db_name_notifs = "assistant_notifs";
@@ -206,8 +207,9 @@ const moment = require('moment-timezone');
             });
         }
         else {
+            const userApps = getUserApps(member);
             //get user list from member field
-            getAppData(member.user_of);
+            getAppData(userApps);
         }
     };
 

plugins/compare/api/api.js

@@ -8,7 +8,7 @@ var exported = {},
     crypto = require('crypto'),
     async = require('async'),
     log = common.log('compare:api'),
-    { validateRead } = require('../../../api/utils/rights.js');
+    { validateRead, getUserApps } = require('../../../api/utils/rights.js');
 
 const FEATURE_NAME = 'compare';
 
@@ -107,10 +107,11 @@ const FEATURE_NAME = 'compare';
         params.qstring.app_id = appsToFetch[0];
 
         validateRead(params, FEATURE_NAME, function() {
+            const userApps = getUserApps(params.member);
             if (!params.member.global_admin) {
                 for (var i = 0; i < appsToFetch.length; i++) {
-                    if (params.member && params.member.user_of) {
-                        if (params.member.user_of.indexOf(appsToFetch[i]) === -1) {
+                    if (params.member && userApps) {
+                        if (userApps.indexOf(appsToFetch[i]) === -1) {
                             return common.returnMessage(params, 401, 'User does not have view rights for one or more apps provided in apps parameter');
                         }
                     }

plugins/push/api/parts/endpoints.js

@@ -1079,8 +1079,8 @@ function cachedData(note) {
         var query = {
             'result.status': {$bitsAllSet: N.Status.Created, $bitsAllClear: N.Status.Deleted}
         };
-        let adminApps = getAdminApps();
-        let userApps = getUserApps();
+        let adminApps = getAdminApps(params.member);
+        let userApps = getUserApps(params.member);
         let app_id = params.qstring.app_id;
 
         if (!app_id || app_id.length !== 24) {
@@ -2001,7 +2001,7 @@ function cachedData(note) {
      * @returns {boolean} - true if is admin of app
      */
     function adminOfApp(member, app) {
-        let adminApps = getAdminApps();
+        let adminApps = getAdminApps(member);
         if (member.global_admin) {
             return true;
         }

plugins/reports/api/api.js

@@ -4,7 +4,7 @@ var common = require('../../../api/utils/common.js'),
     moment = require('moment-timezone'),
     log = require('../../../api/utils/log')('reports:api'),
     plugins = require('../../pluginManager.js'),
-    { validateCreate, validateRead, validateUpdate, validateDelete } = require('../../../api/utils/rights.js');
+    { validateCreate, validateRead, validateUpdate, validateDelete, getUserApps } = require('../../../api/utils/rights.js');
 
 const FEATURE_NAME = 'reports';
 
@@ -385,10 +385,10 @@ const FEATURE_NAME = 'reports';
      * @return {func} cb - callback function
      */
     function validateCoreUser(params, props, cb) {
-
+        var userApps = getUserApps(params.member);
         var apps = props.apps;
         var isAppUser = apps.every(function(app) {
-            return params.member.user_of && params.member.user_of.indexOf(app) > -1;
+            return userApps && userApps.indexOf(app) > -1;
         });
 
         if (!params.member.global_admin && !isAppUser) {

plugins/reports/api/generate_reports.js

@@ -1,4 +1,5 @@
 //start db connection
+const { getAdminApps } = require('../../../api/utils/rights.js');
 var plugins = require('../../pluginManager.js'),
     moment = require('moment-timezone'),
     async = require("async");
@@ -53,7 +54,8 @@ plugins.dbConnection().then((countlyDb) => {
             var arr = [];
             for (var i = 0; i < res.length; i++) {
                 if (!res[i].global_admin) {
-                    arr.push({emails: [res[i].email], apps: res[i].admin_of || [], metrics: {"analytics": true, "revenue": true, "push": true, "crash": true }, frequency: "daily", hour: 17, minute: 0, day: 1, timezone: "Etc/GMT", user: res[i]._id});
+                    var adminApps = getAdminApps(res[i]);
+                    arr.push({emails: [res[i].email], apps: adminApps || [], metrics: {"analytics": true, "revenue": true, "push": true, "crash": true }, frequency: "daily", hour: 17, minute: 0, day: 1, timezone: "Etc/GMT", user: res[i]._id});
                 }
             }
             async.map(arr, function(report, done) {

plugins/server-stats/api/api.js

@@ -1,3 +1,5 @@
+const { getUserApps } = require('../../../api/utils/rights.js');
+
 var plugins = require('../../pluginManager.js'),
     common = require('../../../api/utils/common.js'),
     udp;
@@ -153,7 +155,7 @@ var plugins = require('../../pluginManager.js'),
 
         ob.validateUserForMgmtReadAPI(function() {
             if (!params.member.global_admin) {
-                var apps = params.member.user_of || [];
+                var apps = getUserApps(params.member) || [];
                 for (let i = 0; i < periodsToFetch.length; i++) {
                     for (let j = 0; j < apps.length; j++) {
                         if (apps[j] !== "") {
@@ -216,7 +218,7 @@ var plugins = require('../../pluginManager.js'),
             let filter = {"m": {$in: dateRangeArray} };
             if (!params.member.global_admin) {
                 filter.$or = [];
-                const hasUserApps = params.member.user_of;
+                const hasUserApps = getUserApps(params.member);
                 hasUserApps.forEach((id) => {
                     dateRangeArray.forEach((period) => {
                         filter.$or.push({_id: `${id}_${period}`});

plugins/server-stats/frontend/app.js

@@ -3,6 +3,7 @@ var countlyConfig = require('../../../frontend/express/config');
 var versionInfo = require('../../../frontend/express/version.info');
 var request = require('request');
 var moment = require('moment');
+const { getUserApps } = require('../../../api/utils/rights');
 
 (function(plugin) {
     plugin.init = function(app, countlyDb) {
@@ -11,7 +12,7 @@ var moment = require('moment');
             if (!countlyConfig.web.track || countlyConfig.web.track === "GA" && member.global_admin || countlyConfig.web.track === "noneGA" && !member.global_admin) {
                 var match = {};
                 if (versionInfo.trial) {
-                    match.a = {$in: member.user_of || []};
+                    match.a = {$in: getUserApps(member) || []};
                 }
                 countlyDb.collection("server_stats_data_points").aggregate([
                     {